Hardi
Sep 01, 2019 · Nimbostratus
iRule_TLS
Hi, much appreciate your guidance to achieve the following through iRule; 1- at the TCP level; iRule read the payload and find the client hello header. 2- then search for extension of 229938,...
Hi Hardi,
There are SSL commands which you can use to extract the extensions ( https://clouddocs.f5.com/api/irules/SSL__extensions.html ) but of course for that you need to operate at the SSL level. At the TCP level you would have to binary scan the client hello, work out exactly where that extension is and extract only that part of the data. That is quite tricky with variable-length headers, i.e. the extension you want may be the first or the third, and the SSL header includes a number of variable-length fields. Not easy to do, especially in TCL. I'm sure it's possible but it is more than I could write here.
Example pseudocode
when CLIENT_ACCEPTED
    TCP::collect
endwhen
when CLIENT_DATA
    binary scan payload
    if client-hello then
        binary scan TLS header
        loop through extensions
    endif
endwhen
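The "binary scan TLS header / loop through extensions" step from the pseudocode above, written out as an added example in plain Tcl; it is not code from the original answer or from F5. The proc name `find_ch_ext` and its parameters are hypothetical, and it assumes the whole ClientHello arrives in a single TLS record. Signed `c`/`S` reads are masked rather than using unsigned format modifiers.

```tcl
# Hypothetical helper (added example): locate one extension in a TLS ClientHello.
# p = collected bytes, want = 16-bit extension type to look for.
# Returns {offset length} of the extension body, or {} if absent or not parseable.
proc find_ch_ext { p want } {
    set len [string length $p]
    # Record header: type(1) version(2) length(2); handshake header: type(1) length(3).
    if { $len < 9 } { return {} }
    binary scan $p cx2Sc rtype rlen htype
    # 22 = handshake record, 1 = ClientHello.
    if { ($rtype & 0xff) != 22 || ($htype & 0xff) != 1 } { return {} }
    set end [expr { 5 + ($rlen & 0xffff) }]
    if { $len < $end } { return {} }   ;# record not fully collected yet

    # Skip the fixed part: client_version(2) + random(32).
    set off [expr { 9 + 2 + 32 }]
    # Skip session_id (1-byte length), cipher_suites (2-byte), compression (1-byte).
    foreach fmt { c S c } width { 1 2 1 } mask { 0xff 0xffff 0xff } {
        if { $off + $width > $end } { return {} }
        binary scan $p @${off}$fmt n
        set off [expr { $off + $width + ($n & $mask) }]
    }

    # Extensions block: 2-byte total length, then type(2) length(2) data(length) each.
    if { $off + 2 > $end } { return {} }   ;# hello carries no extensions
    binary scan $p @${off}S n
    set off  [expr { $off + 2 }]
    set xend [expr { $off + ($n & 0xffff) }]
    if { $xend > $end } { return {} }

    while { $off + 4 <= $xend } {
        binary scan $p @${off}SS etype elen
        set elen [expr { $elen & 0xffff }]
        set off  [expr { $off + 4 }]
        if { $off + $elen > $xend } { return {} }   ;# length overruns the block
        if { ($etype & 0xffff) == $want } { return [list $off $elen] }
        set off [expr { $off + $elen }]
    }
    return {}
}
```

Returning offset and length rather than the bytes keeps an extension with an empty body distinguishable from a missing one. Every length field is checked against the record boundary before it is used, so a malformed hello yields `{}` instead of a read past the collected data.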